Elias - it's in the post_content field - follow the instructions on the link I provided to have a look at your db.
This hack has happened to tons of wordpress blogs that I know of. -- Allen On Tue, Aug 17, 2010 at 1:51 PM, Elias Bizannes <[email protected]> wrote: > Interesting, thanks Allen. Any idea on where in the wordpress database this > would be hiding? > Elias Bizannes > http://eliasbizannes.com > > > On Tue, Aug 17, 2010 at 11:49 AM, Allen <[email protected]> wrote: >> >> My sites have been hacked so many times, the hackers send me a monthly >> check. >> >> I believe the latest round of hacks is direct sql attacks - not sql >> injection but somehow they are able to get into the dbs. I've had this >> happen on both rackspace and mediatemple - Rackspace made some changes >> to their phpmyadmin and while they continue to say that it had nothing >> to do with them, I don't buy it fully. Same issue with MT. >> >> You need to make sure the database is clear of the bad hack script >> code. The days of injecting code into the footer of a theme seem to be >> over - the new way is to hack the db and add code that only goes after >> those coming from Google - this way the site owner will typically >> never see the hack. >> >> On Tue, Aug 17, 2010 at 1:33 PM, Elias Bizannes >> <[email protected]> wrote: >> > Our self-hoested wordpress blog has been hacked again. We've identified >> > that >> > it's some sort of cookie which you notice on your first visit, but then >> > hides on subsequent visits. Nothing seems obvious in the source code, >> > like >> > the previous hacker attempt. >> > Can anyone help with this? >> > >> > Elias Bizannes >> > http://eliasbizannes.com >> > >> > -- >> > You received this message because you are subscribed to the Google >> > Groups "DataPortability.Public.General" group. >> > To post to this group, send email to >> > [email protected] >> > To unsubscribe from this group, send email to >> > [email protected] >> > For more options, visit this group at >> > http://groups.google.com/group/dataportability-public?hl=en >> > For additional information, please visit: >> > http://www.dataportability.org/ >> >> -- >> You received this message because you are subscribed to the Google >> Groups "DataPortability.Public.General" group. >> To post to this group, send email to >> [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/dataportability-public?hl=en >> For additional information, please visit: >> http://www.dataportability.org/ > > -- > You received this message because you are subscribed to the Google > Groups "DataPortability.Public.General" group. > To post to this group, send email to > [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/dataportability-public?hl=en > For additional information, please visit: > http://www.dataportability.org/ -- You received this message because you are subscribed to the Google Groups "DataPortability.Public.General" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/dataportability-public?hl=en For additional information, please visit: http://www.dataportability.org/
